Coordinated distributed denial of service attacks (DDoS) threaten to prevent access to sites and services of major organizations. The DDoS attacks operate by consuming valuable resources on an attacked site or service. Simple tools such as internet protocol (IP) filtering are incapable of automatically differentiating between valid and malicious requests. More complicated approaches attempt to identify individual attacks, but these approaches are unable to prevent attacks originating from potentially legitimate machines that are manipulated through Trojan horse-style malware.